Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2026-01-04 05:35:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

DTLS: treat bad MAC on Finished as an error

Browse source 
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
This commit is contained in:
Manuel Pégourié-Gonnard 2015-08-04 12:08:35 +02:00
parent 7381ff0046
commit 0a8857435c
2 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tests/ssl-opt.sh
View file

@ -2851,6 +2851,13 @@ run_test "DTLS client auth: none, client has no cert" \
-c "skip write certificate$" \
-s "! Certificate verification was skipped"
run_test "DTLS wrong PSK: badmac alert" \
"$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
"$P_CLI dtls=1 psk=abc124" \
1 \
-s "SSL - Verification of the message MAC failed" \
-c "SSL - A fatal alert message was received from our peer"
# Tests for receiving fragmented handshake messages with DTLS
requires_gnutls